aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/file.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r--security/tomoyo/file.c104
1 files changed, 52 insertions, 52 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 18969e77f5e8..94e1493ab6b6 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -25,8 +25,8 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
25}; 25};
26 26
27/* Keyword array for operations with one pathname and three numbers. */ 27/* Keyword array for operations with one pathname and three numbers. */
28static const char *tomoyo_path_number3_keyword 28static const char *tomoyo_mkdev_keyword
29[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { 29[TOMOYO_MAX_MKDEV_OPERATION] = {
30 [TOMOYO_TYPE_MKBLOCK] = "mkblock", 30 [TOMOYO_TYPE_MKBLOCK] = "mkblock",
31 [TOMOYO_TYPE_MKCHAR] = "mkchar", 31 [TOMOYO_TYPE_MKCHAR] = "mkchar",
32}; 32};
@@ -65,7 +65,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
65 [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT, 65 [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT,
66}; 66};
67 67
68static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_PATH_NUMBER3_OPERATION] = { 68static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
69 [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, 69 [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
70 [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, 70 [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR,
71}; 71};
@@ -133,16 +133,16 @@ const char *tomoyo_path2keyword(const u8 operation)
133} 133}
134 134
135/** 135/**
136 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations. 136 * tomoyo_mkdev2keyword - Get the name of path/number/number/number operations.
137 * 137 *
138 * @operation: Type of operation. 138 * @operation: Type of operation.
139 * 139 *
140 * Returns the name of path/number/number/number operation. 140 * Returns the name of path/number/number/number operation.
141 */ 141 */
142const char *tomoyo_path_number32keyword(const u8 operation) 142const char *tomoyo_mkdev2keyword(const u8 operation)
143{ 143{
144 return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION) 144 return (operation < TOMOYO_MAX_MKDEV_OPERATION)
145 ? tomoyo_path_number3_keyword[operation] : NULL; 145 ? tomoyo_mkdev_keyword[operation] : NULL;
146} 146}
147 147
148/** 148/**
@@ -266,7 +266,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
266 */ 266 */
267static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) 267static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
268{ 268{
269 const char *operation = tomoyo_path_number32keyword(r->param.mkdev. 269 const char *operation = tomoyo_mkdev2keyword(r->param.mkdev.
270 operation); 270 operation);
271 const struct tomoyo_path_info *filename = r->param.mkdev.filename; 271 const struct tomoyo_path_info *filename = r->param.mkdev.filename;
272 const unsigned int major = r->param.mkdev.major; 272 const unsigned int major = r->param.mkdev.major;
@@ -380,7 +380,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
380 struct tomoyo_globally_readable_file_entry e = { }; 380 struct tomoyo_globally_readable_file_entry e = { };
381 int error; 381 int error;
382 382
383 if (!tomoyo_is_correct_word(filename)) 383 if (!tomoyo_correct_word(filename))
384 return -EINVAL; 384 return -EINVAL;
385 e.filename = tomoyo_get_name(filename); 385 e.filename = tomoyo_get_name(filename);
386 if (!e.filename) 386 if (!e.filename)
@@ -393,7 +393,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
393} 393}
394 394
395/** 395/**
396 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading. 396 * tomoyo_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
397 * 397 *
398 * @filename: The filename to check. 398 * @filename: The filename to check.
399 * 399 *
@@ -401,7 +401,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
401 * 401 *
402 * Caller holds tomoyo_read_lock(). 402 * Caller holds tomoyo_read_lock().
403 */ 403 */
404static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info * 404static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
405 filename) 405 filename)
406{ 406{
407 struct tomoyo_globally_readable_file_entry *ptr; 407 struct tomoyo_globally_readable_file_entry *ptr;
@@ -517,7 +517,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
517 struct tomoyo_pattern_entry e = { }; 517 struct tomoyo_pattern_entry e = { };
518 int error; 518 int error;
519 519
520 if (!tomoyo_is_correct_word(pattern)) 520 if (!tomoyo_correct_word(pattern))
521 return -EINVAL; 521 return -EINVAL;
522 e.pattern = tomoyo_get_name(pattern); 522 e.pattern = tomoyo_get_name(pattern);
523 if (!e.pattern) 523 if (!e.pattern)
@@ -658,7 +658,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
658 struct tomoyo_no_rewrite_entry e = { }; 658 struct tomoyo_no_rewrite_entry e = { };
659 int error; 659 int error;
660 660
661 if (!tomoyo_is_correct_word(pattern)) 661 if (!tomoyo_correct_word(pattern))
662 return -EINVAL; 662 return -EINVAL;
663 e.pattern = tomoyo_get_name(pattern); 663 e.pattern = tomoyo_get_name(pattern);
664 if (!e.pattern) 664 if (!e.pattern)
@@ -671,7 +671,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
671} 671}
672 672
673/** 673/**
674 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited. 674 * tomoyo_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
675 * 675 *
676 * @filename: Filename to check. 676 * @filename: Filename to check.
677 * 677 *
@@ -680,7 +680,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
680 * 680 *
681 * Caller holds tomoyo_read_lock(). 681 * Caller holds tomoyo_read_lock().
682 */ 682 */
683static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename) 683static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
684{ 684{
685 struct tomoyo_no_rewrite_entry *ptr; 685 struct tomoyo_no_rewrite_entry *ptr;
686 bool found = false; 686 bool found = false;
@@ -774,7 +774,7 @@ static bool tomoyo_check_path2_acl(const struct tomoyo_request_info *r,
774static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r, 774static bool tomoyo_check_mkdev_acl(const struct tomoyo_request_info *r,
775 const struct tomoyo_acl_info *ptr) 775 const struct tomoyo_acl_info *ptr)
776{ 776{
777 const struct tomoyo_path_number3_acl *acl = 777 const struct tomoyo_mkdev_acl *acl =
778 container_of(ptr, typeof(*acl), head); 778 container_of(ptr, typeof(*acl), head);
779 return (acl->perm & (1 << r->param.mkdev.operation)) && 779 return (acl->perm & (1 << r->param.mkdev.operation)) &&
780 tomoyo_compare_number_union(r->param.mkdev.mode, 780 tomoyo_compare_number_union(r->param.mkdev.mode,
@@ -792,8 +792,8 @@ static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
792{ 792{
793 const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head); 793 const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
794 const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head); 794 const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
795 return tomoyo_is_same_acl_head(&p1->head, &p2->head) && 795 return tomoyo_same_acl_head(&p1->head, &p2->head) &&
796 tomoyo_is_same_name_union(&p1->name, &p2->name); 796 tomoyo_same_name_union(&p1->name, &p2->name);
797} 797}
798 798
799static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a, 799static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
@@ -853,28 +853,28 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
853 return error; 853 return error;
854} 854}
855 855
856static bool tomoyo_same_path_number3_acl(const struct tomoyo_acl_info *a, 856static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
857 const struct tomoyo_acl_info *b) 857 const struct tomoyo_acl_info *b)
858{ 858{
859 const struct tomoyo_path_number3_acl *p1 = container_of(a, typeof(*p1), 859 const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1),
860 head); 860 head);
861 const struct tomoyo_path_number3_acl *p2 = container_of(b, typeof(*p2), 861 const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2),
862 head); 862 head);
863 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 863 return tomoyo_same_acl_head(&p1->head, &p2->head)
864 && tomoyo_is_same_name_union(&p1->name, &p2->name) 864 && tomoyo_same_name_union(&p1->name, &p2->name)
865 && tomoyo_is_same_number_union(&p1->mode, &p2->mode) 865 && tomoyo_same_number_union(&p1->mode, &p2->mode)
866 && tomoyo_is_same_number_union(&p1->major, &p2->major) 866 && tomoyo_same_number_union(&p1->major, &p2->major)
867 && tomoyo_is_same_number_union(&p1->minor, &p2->minor); 867 && tomoyo_same_number_union(&p1->minor, &p2->minor);
868} 868}
869 869
870static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a, 870static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
871 struct tomoyo_acl_info *b, 871 struct tomoyo_acl_info *b,
872 const bool is_delete) 872 const bool is_delete)
873{ 873{
874 u8 *const a_perm = &container_of(a, struct tomoyo_path_number3_acl, 874 u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
875 head)->perm; 875 head)->perm;
876 u8 perm = *a_perm; 876 u8 perm = *a_perm;
877 const u8 b_perm = container_of(b, struct tomoyo_path_number3_acl, head) 877 const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
878 ->perm; 878 ->perm;
879 if (is_delete) 879 if (is_delete)
880 perm &= ~b_perm; 880 perm &= ~b_perm;
@@ -885,7 +885,7 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
885} 885}
886 886
887/** 887/**
888 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list. 888 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
889 * 889 *
890 * @type: Type of operation. 890 * @type: Type of operation.
891 * @filename: Filename. 891 * @filename: Filename.
@@ -899,13 +899,13 @@ static bool tomoyo_merge_path_number3_acl(struct tomoyo_acl_info *a,
899 * 899 *
900 * Caller holds tomoyo_read_lock(). 900 * Caller holds tomoyo_read_lock().
901 */ 901 */
902static int tomoyo_update_path_number3_acl(const u8 type, const char *filename, 902static int tomoyo_update_mkdev_acl(const u8 type, const char *filename,
903 char *mode, char *major, char *minor, 903 char *mode, char *major, char *minor,
904 struct tomoyo_domain_info * const 904 struct tomoyo_domain_info * const
905 domain, const bool is_delete) 905 domain, const bool is_delete)
906{ 906{
907 struct tomoyo_path_number3_acl e = { 907 struct tomoyo_mkdev_acl e = {
908 .head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL, 908 .head.type = TOMOYO_TYPE_MKDEV_ACL,
909 .perm = 1 << type 909 .perm = 1 << type
910 }; 910 };
911 int error = is_delete ? -ENOENT : -ENOMEM; 911 int error = is_delete ? -ENOENT : -ENOMEM;
@@ -915,8 +915,8 @@ static int tomoyo_update_path_number3_acl(const u8 type, const char *filename,
915 !tomoyo_parse_number_union(minor, &e.minor)) 915 !tomoyo_parse_number_union(minor, &e.minor))
916 goto out; 916 goto out;
917 error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain, 917 error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain,
918 tomoyo_same_path_number3_acl, 918 tomoyo_same_mkdev_acl,
919 tomoyo_merge_path_number3_acl); 919 tomoyo_merge_mkdev_acl);
920 out: 920 out:
921 tomoyo_put_name_union(&e.name); 921 tomoyo_put_name_union(&e.name);
922 tomoyo_put_number_union(&e.mode); 922 tomoyo_put_number_union(&e.mode);
@@ -930,9 +930,9 @@ static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
930{ 930{
931 const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head); 931 const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
932 const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head); 932 const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
933 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 933 return tomoyo_same_acl_head(&p1->head, &p2->head)
934 && tomoyo_is_same_name_union(&p1->name1, &p2->name1) 934 && tomoyo_same_name_union(&p1->name1, &p2->name1)
935 && tomoyo_is_same_name_union(&p1->name2, &p2->name2); 935 && tomoyo_same_name_union(&p1->name2, &p2->name2);
936} 936}
937 937
938static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a, 938static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
@@ -1014,7 +1014,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
1014 tomoyo_check_acl(r, tomoyo_check_path_acl); 1014 tomoyo_check_acl(r, tomoyo_check_path_acl);
1015 if (!r->granted && operation == TOMOYO_TYPE_READ && 1015 if (!r->granted && operation == TOMOYO_TYPE_READ &&
1016 !r->domain->ignore_global_allow_read && 1016 !r->domain->ignore_global_allow_read &&
1017 tomoyo_is_globally_readable_file(filename)) 1017 tomoyo_globally_readable_file(filename))
1018 r->granted = true; 1018 r->granted = true;
1019 error = tomoyo_audit_path_log(r); 1019 error = tomoyo_audit_path_log(r);
1020 /* 1020 /*
@@ -1029,7 +1029,7 @@ int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
1029 * specified by "deny_rewrite" keyword. 1029 * specified by "deny_rewrite" keyword.
1030 */ 1030 */
1031 if (!error && operation == TOMOYO_TYPE_TRUNCATE && 1031 if (!error && operation == TOMOYO_TYPE_TRUNCATE &&
1032 tomoyo_is_no_rewrite_file(filename)) { 1032 tomoyo_no_rewrite_file(filename)) {
1033 operation = TOMOYO_TYPE_REWRITE; 1033 operation = TOMOYO_TYPE_REWRITE;
1034 goto next; 1034 goto next;
1035 } 1035 }
@@ -1043,9 +1043,9 @@ static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
1043 head); 1043 head);
1044 const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2), 1044 const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
1045 head); 1045 head);
1046 return tomoyo_is_same_acl_head(&p1->head, &p2->head) 1046 return tomoyo_same_acl_head(&p1->head, &p2->head)
1047 && tomoyo_is_same_name_union(&p1->name, &p2->name) 1047 && tomoyo_same_name_union(&p1->name, &p2->name)
1048 && tomoyo_is_same_number_union(&p1->number, &p2->number); 1048 && tomoyo_same_number_union(&p1->number, &p2->number);
1049} 1049}
1050 1050
1051static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a, 1051static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
@@ -1204,7 +1204,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1204 error = -ENOMEM; 1204 error = -ENOMEM;
1205 goto out; 1205 goto out;
1206 } 1206 }
1207 if (tomoyo_is_no_rewrite_file(&buf)) 1207 if (tomoyo_no_rewrite_file(&buf))
1208 error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE, 1208 error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE,
1209 &buf); 1209 &buf);
1210 } 1210 }
@@ -1258,7 +1258,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1258 goto out; 1258 goto out;
1259 switch (operation) { 1259 switch (operation) {
1260 case TOMOYO_TYPE_REWRITE: 1260 case TOMOYO_TYPE_REWRITE:
1261 if (!tomoyo_is_no_rewrite_file(&buf)) { 1261 if (!tomoyo_no_rewrite_file(&buf)) {
1262 error = 0; 1262 error = 0;
1263 goto out; 1263 goto out;
1264 } 1264 }
@@ -1279,7 +1279,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1279} 1279}
1280 1280
1281/** 1281/**
1282 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar". 1282 * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
1283 * 1283 *
1284 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK) 1284 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1285 * @path: Pointer to "struct path". 1285 * @path: Pointer to "struct path".
@@ -1288,7 +1288,7 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
1288 * 1288 *
1289 * Returns 0 on success, negative value otherwise. 1289 * Returns 0 on success, negative value otherwise.
1290 */ 1290 */
1291int tomoyo_path_number3_perm(const u8 operation, struct path *path, 1291int tomoyo_mkdev_perm(const u8 operation, struct path *path,
1292 const unsigned int mode, unsigned int dev) 1292 const unsigned int mode, unsigned int dev)
1293{ 1293{
1294 struct tomoyo_request_info r; 1294 struct tomoyo_request_info r;
@@ -1304,7 +1304,7 @@ int tomoyo_path_number3_perm(const u8 operation, struct path *path,
1304 error = -ENOMEM; 1304 error = -ENOMEM;
1305 if (tomoyo_get_realpath(&buf, path)) { 1305 if (tomoyo_get_realpath(&buf, path)) {
1306 dev = new_decode_dev(dev); 1306 dev = new_decode_dev(dev);
1307 r.param_type = TOMOYO_TYPE_PATH_NUMBER3_ACL; 1307 r.param_type = TOMOYO_TYPE_MKDEV_ACL;
1308 r.param.mkdev.filename = &buf; 1308 r.param.mkdev.filename = &buf;
1309 r.param.mkdev.operation = operation; 1309 r.param.mkdev.operation = operation;
1310 r.param.mkdev.mode = mode; 1310 r.param.mkdev.mode = mode;
@@ -1420,11 +1420,11 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
1420 } 1420 }
1421 if (!w[3][0] || !w[4][0]) 1421 if (!w[3][0] || !w[4][0])
1422 goto out; 1422 goto out;
1423 for (type = 0; type < TOMOYO_MAX_PATH_NUMBER3_OPERATION; type++) { 1423 for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++) {
1424 if (strcmp(w[0], tomoyo_path_number3_keyword[type])) 1424 if (strcmp(w[0], tomoyo_mkdev_keyword[type]))
1425 continue; 1425 continue;
1426 return tomoyo_update_path_number3_acl(type, w[1], w[2], w[3], 1426 return tomoyo_update_mkdev_acl(type, w[1], w[2], w[3],
1427 w[4], domain, is_delete); 1427 w[4], domain, is_delete);
1428 } 1428 }
1429 out: 1429 out:
1430 return -EINVAL; 1430 return -EINVAL;